Joint statement ahead of the 2nd year anniversary of the General Data Protection Regulation

Met dank overgenomen van Europese Commissie (EC) i, gepubliceerd op woensdag 20 mei 2020.

On 25 May 2020, the General Data Protection Regulation will celebrate its second year of entry into application. To mark the occasion, Věra Jourová i, Vice-President for Values and Transparency, and Didier Reynders i, Commissioner for Justice, issued the following statement:

“25 May marks the second anniversary of the application of Europe's strengthened data protection rules, the General Data Protection Regulation, widely known as the GDPR. Within two years, these rules have not only shaped the way we deal with our personal data in Europe, but has also become a reference point at global level on privacy.In an environment increasingly relying on the processing of data, the GDPR ensures that citizens have more control over their personal data and sets at the same time a framework for trustworthy innovation. GDPR is a cornerstone of the European digital transition.

During the past two years, citizens and businesses have become more aware of the importance of data protection. The Commission has supported this growing awareness through online communication efforts such as our web guidance that 4.3 million businesses and citizens consulted over the last two years.

In the context of the coronavirus pandemic, now, more than ever, citizens must be sure that their personal data are well protected. Tracing apps can only become an effective and widely used tool to support the recovery from the pandemic when citizens trust that their privacy is safeguarded. In this respect,the GDPR and EU privacy rules play a vital role.

The GDPR has changed the landscape in Europe and beyond. Nonetheless, compliance is a dynamic process and does not happen overnight. The national data protection authorities, as the competent authorities to enforce data protection rules, have often not yet reached their full capacities. We therefore call upon Member States to equip their data protection authorities with the adequate human, financial and technical resource to make effective use of their enforcement powers.

Our key priority for the months to come is to continue ensuring the proper and uniform implementation of GDPR in the Member States. We will continue our close collaboration with the European Data Protection Board and national data protection authorities, as well as businesses and civil society to accompany and facilitate the implementation of the new rules. Based on our experience, we will be able to guide the safe development of new technologies. We will further engage with our international partners to continue developing convergence in privacy standards and promote safe data flows.”

Background

The General Data Protection Regulation is a single set of rules of EU lawto the protection of individuals in relation to the protection of personal data, directly applicable in the Member States. It reinforces trust by putting individuals back in control of their personal data and at the same time guarantees the free flow of personal data between EU Member States. The protection of personal data is a fundamental right in the European Union.

The GDPR has been applicable since 25 May 2018. Since then, Member States have adapted their national laws in the light of GDPR. The National Data Protection Authorities are in charge of enforcing the application of the new rules and are coordinating their actions thanks to the new cooperation mechanisms and the cooperation within the European Data Protection Board. The Board is, amongst others, issuing guidelines on key aspects of the GDPR to support the consistent application of the new rules.

For More Information

GDPR web guidance - EU data protection rules

Infographic: What your company must do

European Coronavirus response: digital